Android利用tcpdump抓包

[b]Instructions[/b]
[url]http://source.android.com/porting/tcpdump.html[/url]
[b]Source Code and Documents[/b]
[url]http://www.tcpdump.org/[/url]
[b]Compiled Binary Download[/b]
[url]http://www.strazzere.com/android/tcpdump[/url]
[b]数据包分析工具Wireshark[/b]
[url]http://www.wireshark.org/download.html[/url]

[b]
Installing tcpdump[/b]
[b]Pushing the binary to an existing device[/b]
Download tcpdump from [url]http://www.tcpdump.org/[/url], then execute:

adb root
adb remount
adb push /wherever/you/put/tcpdump /system/xbin/tcpdump
adb shell chmod 6755 /data/local/tmp/tcpdump

[b]Running tcpdump[/b]

You need to have root access on your device.

[b]Batch mode capture[/b]

The typical procedure is to capture packets to a file and then examine the file on the desktop, as illustrated below:

adb shell tcpdump -i any -p -s 0 -w /sdcard/capture.pcap
# "-i any": listen on any network interface
# "-p": disable promiscuous mode (doesn't work anyway)
# "-s 0": capture the entire packet
# "-w": write packets to a file (rather than printing to stdout)

   ... do whatever you want to capture, then ^C to stop it ...

adb pull /sdcard/capture.pcap .
sudo apt-get install wireshark  # or ethereal, if you're still on dapper
wireshark capture.pcap          # or ethereal

   ... look at your packets and be wise ...

You can run tcpdump in the background from an interactive shell or from Terminal. By default, tcpdump captures all traffic without filtering. If you prefer, add an expression like port 80 to the tcpdump command line.

[b]Real time packet monitoring[/b]

Execute the following if you would like to watch packets go by rather than capturing them to a file (-n skips DNS lookups. -s 0 captures the entire packet rather than just the header):

adb shell tcpdump -n -s 0

Typical tcpdump options apply. For example, if you want to see HTTP traffic:

adb shell tcpdump -X -n -s 0 port 80